feat(paperclip): migrate Ingress to Gateway API
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful

Replace nginx Ingress with Gateway + HTTPRoute using the traefik-internal
GatewayClass. TLS is terminated at the Gateway listener via cert-manager.
This commit is contained in:
2026-05-22 00:11:47 +10:00
parent f53a2dc4f8
commit 43081f8e74
4 changed files with 49 additions and 30 deletions
+27
View File
@@ -0,0 +1,27 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
annotations:
cert-manager.io/cluster-issuer: vault-issuer
cert-manager.io/common-name: paperclip.k8s.syd1.au.unkin.net
cert-manager.io/private-key-size: "4096"
external-dns.alpha.kubernetes.io/hostname: paperclip.k8s.syd1.au.unkin.net
external-dns.alpha.kubernetes.io/target: 198.18.200.0
name: paperclip
namespace: paperclip
spec:
gatewayClassName: traefik-internal
listeners:
- allowedRoutes:
namespaces:
from: Same
hostname: paperclip.k8s.syd1.au.unkin.net
name: https
port: 443
protocol: HTTPS
tls:
certificateRefs:
- kind: Secret
name: paperclip-tls
mode: Terminate
+20
View File
@@ -0,0 +1,20 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: paperclip
namespace: paperclip
spec:
hostnames:
- paperclip.k8s.syd1.au.unkin.net
parentRefs:
- name: paperclip
sectionName: https
rules:
- backendRefs:
- name: paperclip
port: 3100
matches:
- path:
type: PathPrefix
value: /
-29
View File
@@ -1,29 +0,0 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
external-dns.alpha.kubernetes.io/hostname: paperclip.k8s.syd1.au.unkin.net
external-dns.alpha.kubernetes.io/target: 198.18.200.0
cert-manager.io/cluster-issuer: vault-issuer
cert-manager.io/common-name: paperclip.k8s.syd1.au.unkin.net
cert-manager.io/private-key-size: "4096"
name: paperclip
namespace: paperclip
spec:
rules:
- host: paperclip.k8s.syd1.au.unkin.net
http:
paths:
- backend:
service:
name: paperclip
port:
number: 3100
path: /
pathType: Prefix
tls:
- hosts:
- paperclip.k8s.syd1.au.unkin.net
secretName: paperclip-tls
+2 -1
View File
@@ -6,7 +6,8 @@ resources:
- cnpg_cluster.yaml - cnpg_cluster.yaml
- cnpg_pooler.yaml - cnpg_pooler.yaml
- deployment.yaml - deployment.yaml
- ingress.yaml - gateway.yaml
- httproute.yaml
- namespace.yaml - namespace.yaml
- services.yaml - services.yaml
- vaultauth.yaml - vaultauth.yaml